Ransomware attacks jump 51% this year: CERT-In

Ransomware attacks jumped during the first half of this year rising 51% from the previous year, according to a CERT-In report released on Tuesday. It identified post-COVID digitisation, hybrid work culture, modernisation of attack tool kits, and evolution of ransomware as a service to be the key reasons behind these attacks

Published - August 05, 2022 06:15 pm IST

Ransomware attacks jumped during the first half of this year rising 51% from the previous year, according to a CERT-In 

Ransomware attacks jumped during the first half of this year rising 51% from the previous year, according to a CERT-In  | Photo Credit: Getty Images

Hackers exploited known unpatched vulnerabilities of public-facing networks for initial entry into the network. Some of the common ways to exploit vulnerabilities were compromised credentials of remote access services including VPN and RDP, used by threat actors to gain entry into networks, the report noted. Cyber thieves also exploited legitimate tools like “AnyDesk” used for remote administration.

(Sign up to our Technology newsletter, Today’s Cache, for insights on emerging themes at the intersection of technology, business and policy. Click here to subscribe for free.)

They used these to execute scripts in safe mode and evade installed security solutions and carry out further attacks. Multiple platforms like Linux based operating systems, virtual environments like ESXI, backup storages and cloud environments were also targeted.

For cloud-based systems, ransomware groups chose to wipe the data rather than encrypting after exfiltration, the report said. Major sectors affected by these attacks include data centres, IT/ ITes, manufacturing and finance, oil and gas, transport and power.

The report noted that among the prominent ransomware families observed in H1 2022 , Djvu/Stop and Lockbit were the most used. While Djvu/Stop was used for citizen centric attacks, Lockbit was mostly utilized for targeted attacks. Citizen centric attacks refer to attacks on personal devices of prominent individuals like CA’s, lawyers, journalists and politicians while targeted attacks refer to attacks on organisations.

Other ransomware families used for attacks included Phobos for both citizen centric and targeted attacks while Hive group activity was observed in targeted attacks.

And while different families like Djvu/Stop have majorly been used in citizens centric attacks they can be used to target organisations as well, similarly Lockbit can be used in citizen centric attacks.

CERT-In suggested that the victims of these attacks must isolate the infected systems from networks, report such attacks to the CERT-In or other regulatory authorities, and lodge an FIR with law enforcement agencies.

However, it urged the victims to avoid negotiating or paying the ransom in case of such attacks.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.